Added Keycloak provider

Author: Jefferson49

composer.json

@@ -11,18 +11,24 @@
         {
             "url": "https://github.com/bahuma20/oauth2-nextcloud.git",
             "type": "git"
-        }           
+        },
+        {
+            "url": "https://github.com/stevenmaguire/oauth2-keycloak.git",
+            "type": "git"
+        }
     ],
     "require": {
         "bahuma/oauth2-nextcloud": "=2.0.0",
         "jefferson49/webtrees-common": ">=1.2.8",
         "league/oauth2-client": "=2.8.0",
         "league/oauth2-github": "=3.1.1",
         "league/oauth2-google": "=4.0.1",
-        "stevenmaguire/oauth2-dropbox": "dev-Remove-scope-from-getAccessToken"
+        "stevenmaguire/oauth2-dropbox": "dev-Remove-scope-from-getAccessToken",
+        "stevenmaguire/oauth2-keycloak": "=5.1.0"
     },
     "replace": {
         "guzzlehttp/guzzle": "*",
-        "paragonie/random_compat": "*"
+        "paragonie/random_compat": "*",
+        "firebase/php-jwt": "*"
     }    
 }

composer.lock

@@ -255,10 +255,10 @@ public function handle(ServerRequestInterface $request): ResponseInterface
         $authorization_provider_id = $user_data_from_provider->getAuthorizationProviderUserId();
 
         CustomModuleLog::addDebugLog($log_module, 'Adjusted user data from authorization provider to webtrees' . ': ' . json_encode([
-                'authorization_provider_i' => $authorization_provider_id,
-                'user_name'                => $user_name, 
-                'real_name'                => $real_name,
-                'email'                    => $email,
+                'authorization_provider_id' => $authorization_provider_id,
+                'user_name'                 => $user_name, 
+                'real_name'                 => $real_name,
+                'email'                     => $email,
             ]));
 
         $provider_to_connect = Session::get(OAuth2Client::activeModuleName() . OAuth2Client::SESSION_PROVIDER_TO_CONNECT, '');

src/LoginWithAuthorizationProviderAction.php

@@ -0,0 +1,105 @@
+<?php
+
+/**
+ * webtrees: online genealogy
+ * Copyright (C) 2024 webtrees development team
+ *                    <http://webtrees.net>
+ *
+ * OAuth2Client (webtrees custom module):
+ * Copyright (C) 2024 Markus Hemprich
+ *                    <http://www.familienforschung-hemprich.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ *
+ * 
+ * OAuth2-Client
+ *
+ * A weebtrees(https://webtrees.net) 2.1 custom module to implement an OAuth2 client
+ * 
+ */
+
+declare(strict_types=1);
+
+namespace Jefferson49\Webtrees\Module\OAuth2Client\Provider;
+
+use Fisharebest\Webtrees\User;
+use Jefferson49\Webtrees\Module\OAuth2Client\AuthorizationProviderUser;
+use Jefferson49\Webtrees\Module\OAuth2Client\Contracts\AuthorizationProviderInterface;
+use League\OAuth2\Client\Provider\AbstractProvider;
+use Stevenmaguire\OAuth2\Client\Provider\Keycloak;
+use League\OAuth2\Client\Token\AccessToken;
+use League\OAuth2\Client\Tool\ArrayAccessorTrait;
+
+
+/**
+ *  An OAuth2 authorization client for Keycloak
+ */
+class KeycloakAuthorizationProvider extends AbstractAuthorizationProvider implements AuthorizationProviderInterface
+{    
+    use ArrayAccessorTrait;
+
+    //The authorization provider
+    protected AbstractProvider $provider;
+
+    /**
+     * @param string $redirectUri
+     * @param array  $options
+     * @param array  $collaborators
+     */
+    public function __construct(string $redirectUri, array $options = [], array $collaborators = [])
+    {
+        $options = array_merge($options, [
+            'redirectUri'       => $redirectUri,
+        ]);
+        
+        $this->provider = new Keycloak($options, $collaborators);
+
+        if (isset($options['signInButtonLabel'])) {
+            $this->setSignInButtonLabel($options['signInButtonLabel']);
+        }
+    }
+
+    /**
+     * Use access token to get user data from provider and return it as a webtrees User object
+     * 
+     * @param AccessToken $token
+     * 
+     * @return User
+     */
+    public function getUserData(AccessToken $token) : AuthorizationProviderUser {
+
+        $user           = parent::getUserData($token);
+        $resource_owner = $user->getRessourceOwner();
+
+        //Apply specific user data provided by Keycloak
+        $user->setUserName($resource_owner->getUserName() ?? '');
+        $user->setRealName($resource_owner->getName() ?? '');
+        $user->setEmail($resource_owner->getEmail() ?? '');
+
+        return $user;
+    }
+
+    /**
+     * Returns a list with options that can be passed to the provider
+     *
+     * @return array   An array of option names, which can be set for this provider.
+     *                 Options include `clientId`, `clientSecret`, `redirectUri`, etc.
+     */
+    public static function getRequiredOptions() : array {
+        return [
+            'clientId',
+            'clientSecret',
+            'authServerUrl',
+            'realm',
+        ];
+    }
+}